Bug 1109759

Summary: Rebase bind-dyndb-ldap to latest upstream version
Product: Red Hat Enterprise Linux 7
Reporter: Martin Kosek <mkosek>
Component: bind-dyndb-ldap
Assignee: Petr Spacek <pspacek>
Status: CLOSED ERRATA
QA Contact: Namita Soman <nsoman>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.1
CC: jgalipea, pspacek
Target Milestone: rc
Keywords: Rebase
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: bind-dyndb-ldap-6.0-1.el7
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Feature:

Enhancements
============
* Read-query performance is nearly the same as with plain BIND, and queries for non-existing records do not impose additional load on the LDAP server.
* Wildcard records are supported. For details please see RFC 4592.
  http://tools.ietf.org/html/rfc4592
* Incremental Zone Transfers (IXFR, RFC 1995) are supported.
  http://tools.ietf.org/html/rfc1995
* DNS root zone (".") can be stored in LDAP.
* DNSSEC in-line signing is supported for master zones. Any master zone in LDAP can be signed with keys provided by the user.

Behavioral changes & upgrade
============================
* Forwarder semantics were changed to match BIND's semantics:
  - idnsZone objects always represent master zones
  - idnsForwardZone objects (new) always represent forward zones

  !!! Users are responsible for upgrading their own data in LDAP. !!!

  Upgrade:
  1) Start with upgrading the bind-dyndb-ldap package on all servers to the latest version provided with RHEL 7.0. This step will help you minimize downtime because bind-dyndb-ldap-3.5 supports old and new formats at the same time.
  2) Retrieve zones stored in the old format:

     $ ldapsearch -Y GSSAPI -b 'cn=dns, dc=ipa, dc=example' '(&(objectClass=idnsZone)(idnsForwarders=*)(!(idnsForwardPolicy=none)))' objectClass idnsName idnsZoneActive idnsForwarders idnsForwardPolicy > old_zones.ldif
     # NOTE: parameters -Y and -b need to be tweaked according to your local configuration.

  3) Change the objectClass attribute in old_zones.ldif by replacing 'idnsZone' with 'idnsForwardZone'. The resulting LDIF should have this form:

     dn: idnsName=example.com,cn=dns,dc=ipa,dc=example
     objectClass: top
     objectClass: idnsForwardZone
     idnsName: example.com
     idnsZoneActive: TRUE
     idnsForwarders: 192.0.2.1
     idnsForwardPolicy: only

  4) Delete old objects from LDAP.
  5) Import modified objects to LDAP.

  http://www.freeipa.org/page/V4/Forward_zones#Updates_and_Upgrades

* Persistent search and the zone refresh mechanism were replaced by RFC 4533 (aka SyncRepl).
  ** Options zone_refresh, cache_ttl and psearch were removed and should be dropped from /etc/named.conf or the equivalent file.
  ** Support for LDAP attributes idnsZoneRefresh and idnsPersistentSearch was also removed, and these attributes should be removed from LDAP.
  ** From now on, the bind-dyndb-ldap plugin will work only with RFC 4533-compliant LDAP servers. Please configure your LDAP server accordingly.
* The SOA serial auto-increment feature is now mandatory. The plugin has to have write access to LDAP.
* Data from LDAP are not served to clients until the initial synchronization with LDAP is finished. All queries received during the initial synchronization are processed as if bind-dyndb-ldap were not configured, i.e. can be answered with NXDOMAIN or .
* The plug-in creates a journal file for each DNS zone in LDAP. (This allows us to support IXFR.) The working directory has to be writable by named.

Please see README if you have tweaked BIND and bind-dyndb-ldap configurations.

Bug fixes
=========
* Many :-)
* Most important one: Kerberos ticket expiration is now handled correctly.

Known problems and limitations
==============================
* LDAP MODRDN (rename) is not supported at the moment:
  https://bugzilla.redhat.com/show_bug.cgi?id=1139776
* Zones and records deleted when the connection to LDAP is down are not refreshed properly after re-connection:
  https://bugzilla.redhat.com/show_bug.cgi?id=1139778

Reason: We wanted to provide new features.

Result: New features are available :-)
Last Closed: 2015-03-05 09:29:17 UTC
Type: Bug
Bug Depends On: 1044159, 1044170, 1044171    
Bug Blocks: 957249, 1078295, 1082754, 1113520, 1138317, 1370126    
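
Step 3 of the upgrade procedure in the Doc Text above, as an added example that is not part of the bug report or of bind-dyndb-ldap: a converter that rewrites only the objectClass value (a blind search-and-replace would also alter a zone whose name contains "idnsZone"), unfolds wrapped LDIF lines, drops the ldapsearch result trailer, and returns the DNs to delete in step 4. The sample LDIF, the zone idnsZone.test and the function names are constructed for illustration.

```python
import base64

# Constructed sample shaped like the step 2 ldapsearch output (not real data).
SAMPLE = """\
dn: idnsName=example.com,cn=dns,dc=ipa,dc=example
objectClass: top
objectClass: idnsZone
idnsName: example.com
idnsZoneActive: TRUE
idnsForwarders: 192.0.2.1
idnsForwardPolicy: only

dn: idnsName=idnsZone.test,cn=dns,dc=ipa,
 dc=example
objectclass: idnszone
idnsName: idnsZone.test
idnsForwarders: 192.0.2.2
idnsForwardPolicy: first

search: 2
result: 0 Success
"""

def entries(text):
    """Yield each LDIF entry as unfolded lines; skip comments and non-entry blocks."""
    for block in text.replace("\n ", "").split("\n\n"):
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        if lines and lines[0].lower().startswith("dn:"):
            yield lines

def value(line):
    """Return the value of an 'attr: v' line, decoding the base64 'attr:: v' form."""
    raw = line.partition(":")[2]
    if raw.startswith(":"):
        return base64.b64decode(raw[1:].strip()).decode("utf-8")
    return raw.strip()

def convert(text):
    """Return (LDIF to import in step 5, DNs to delete in step 4)."""
    out, dns = [], []
    for lines in entries(text):
        old = [l for l in lines if l.lower().startswith("objectclass:")
               and value(l).lower() == "idnszone"]
        if not old:  # refuse entries the step 2 filter should never have returned
            raise ValueError("not an old-format zone: " + value(lines[0]))
        dns.append(value(lines[0]))
        out.append("\n".join(
            "objectClass: idnsForwardZone" if l in old else l for l in lines))
    return "\n\n".join(out) + "\n", dns
```

Calling convert() on the contents of old_zones.ldif gives the LDIF text to import and the list of DNs to remove first; review both before changing LDAP.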

Description Martin Kosek 2014-06-16 10:25:03 UTC
Rebase bind-dyndb-ldap to the latest stabilization release of upstream bind-dyndb-ldap 5.x to introduce new enhancements and stabilization in RHEL.

Comment 1 Petr Spacek 2014-07-18 12:26:56 UTC
I'm adding 389 DS bugs which make the new version of bind-dyndb-ldap unusable.

Comment 3 Petr Spacek 2014-09-15 11:54:47 UTC
I'm renaming the bug to reflect the latest requirements.

Comment 4 Namita Soman 2015-01-05 15:58:50 UTC
Verified version of bind-dyndb-ldap in rhel7.1

# rpm -qa bind-dyndb-ldap
bind-dyndb-ldap-6.0-2.el7.x86_64

Comment 6 errata-xmlrpc 2015-03-05 09:29:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0424.html